配置neutron.conf
# 在全部控制节点操作,以controller01节点为例;
# 注意“bind_host”参数,根据节点修改;
# 注意neutron.conf文件的权限:root:neutron(文件含数据库、rabbitmq与服务账号的明文密码,不应对其他用户可读)
[root@controller01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
[DEFAULT]
bind_host = 172.30.200.31
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
# l3高可用,可以采用vrrp模式或者dvr模式;
# vrrp模式下,在各网络节点(此处网络节点与控制节点混合部署)以vrrp的模式设置主备virtual router;master故障时,virtual router不会迁移,而是将router对外服务的vip漂移到standby router上;
# dvr模式下,三层的转发(L3 Forwarding)与nat功能都会被分布到计算节点上,即计算节点也有了网络节点的功能;但是,dvr依然不能消除集中式的virtual router,为了节省IPV4公网地址,仍将snat放在网络节点上提供;
# vrrp模式与dvr模式不可同时使用
# Neutron L3 Agent HA 之 虚拟路由冗余协议(VRRP): http://www.cnblogs.com/sammyliu/p/4692081.html
# Neutron 分布式虚拟路由(Neutron Distributed Virtual Routing): http://www.cnblogs.com/sammyliu/p/4713562.html
# “l3_ha = true”参数即启用l3 ha功能
l3_ha = true
# 最多在几个l3 agent上创建ha router
max_l3_agents_per_router = 3
# 可创建ha router的最少正常运行的l3 agent数量
min_l3_agents_per_router = 2
# vrrp广播网络
l3_ha_net_cidr = 169.254.192.0/18
# “router_distributed”参数本身的含义是普通用户创建路由器时,是否默认创建dvr;此参数默认值为“false”,这里采用vrrp模式,可注释此参数
# 虽然此参数在mitaka(含)版本后,可与l3_ha参数同时打开,但设置dvr模式还同时需要设置网络节点与计算节点的l3_agent.ini与ml2_conf.ini文件
# router_distributed = true
# dhcp高可用,在3个网络节点各生成1个dhcp服务器
dhcp_agents_per_network = 3
# 前端采用haproxy时,服务连接rabbitmq会出现连接超时重连的情况,可通过各服务与rabbitmq的日志查看;
# transport_url = rabbit://openstack:rabbitmq_pass@controller:5673
# rabbitmq本身具备集群机制,官方文档建议直接连接rabbitmq集群;但采用此方式时服务启动有时会报错,原因不明;如果没有此现象,强烈建议连接rabbitmq直接对接集群而非通过前端haproxy
transport_url=rabbit://openstack:rabbitmq_pass@controller01:5672,controller02:5672,controller03:5672
[agent]
[cors]
[database]
connection = mysql+pymysql://neutron:neutron_dbpass@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller01:11211,controller:11211,controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron_pass
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionTest
project_name = service
username = nova
password = nova_pass
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
5. 配置ml2_conf.ini
# 在全部控制节点操作,以controller01节点为例;
# ml2_conf.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,vxlan
# ml2 mechanism_driver 列表,l2population对gre/vxlan租户网络有效
mechanism_drivers = linuxbridge,l2population
# 可同时设置多种租户网络类型,第一个值是常规租户创建网络时的默认值,同时也默认是master router心跳信号的传递网络类型
tenant_network_types = vlan,vxlan,flat
extension_drivers = port_security
[ml2_type_flat]
# 指定flat网络类型名称为“external”,“*”表示任意网络,空值表示禁用flat网络
flat_networks = external
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
# 指定vlan网络类型的网络名称为“vlan”;如果不设置vlan id则表示不受限
network_vlan_ranges = vlan:3001:3500
[ml2_type_vxlan]
vni_ranges = 10001:20000
[securitygroup]
enable_ipset = true
# 服务初始化调用ml2_conf.ini中的配置,但指向/etc/neutron/plugin.ini文件
[root@controller01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
6. 配置linuxbridge_agent.ini
1)配置linuxbridge_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# linuxbridge_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
# 网络类型名称与物理网卡对应,这里flat external网络对应规划的eth1,vlan租户网络对应规划的eth3,在创建相应网络时采用的是网络名称而非网卡名称;
# 需要明确的是物理网卡是本地有效,根据主机实际使用的网卡名确定;
# 另有“bridge_mappings”参数对应网桥
physical_interface_mappings = external:eth1,vlan:eth3
[network_log]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = true
# tunnel租户网络(vxlan)vtep端点,这里对应规划的eth2(的地址),根据节点做相应修改
local_ip = 10.0.0.31
l2_population = true
2)配置内核参数
# bridge:是否允许桥接;
# 如果“sysctl -p”加载不成功,报“No such file or directory”错误,需要加载内核模块“br_netfilter”;
# 命令“modinfo br_netfilter”查看内核模块信息;
# 命令“modprobe br_netfilter”加载内核模块
[root@controller01 ~]# echo "# bridge" >> /etc/sysctl.conf
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# sysctl -p
7. 配置l3_agent.ini(self-networking)
# 在全部控制节点操作,以controller01节点为例;
# l3_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
[agent]
[ovs]
8. 配置dhcp_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# 使用dnsmasq提供dhcp服务;
# dhcp_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
9. 配置metadata_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# metadata_proxy_shared_secret:与/etc/nova/nova.conf文件中参数一致;“neutron_metadata_secret”为示例值,部署时应替换为随机字符串
# metadata_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = neutron_metadata_secret
[agent]
[cache]
10. 配置nova.conf
# 在全部控制节点操作,以controller01节点为例;
# 配置只涉及nova.conf的“[neutron]”字段;
# metadata_proxy_shared_secret:与/etc/neutron/metadata_agent.ini文件中参数一致
[root@controller01 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionTest
project_name = service
username = neutron
password = neutron_pass
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron_metadata_secret
11. 同步neutron数据库
# 任意控制节点操作;
[root@controller01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# 验证
# 密码直接写在“-p”后会留在shell历史和进程列表中;只写“-p”则改为交互输入
[root@controller01 ~]# mysql -h controller01 -u neutron -pneutron_dbpass -e "use neutron;show tables;"
12. 启动服务
# 全部控制节点操作;
# 变更nova配置文件,首先需要重启nova服务
[root@controller01 ~]# systemctl restart openstack-nova-api.service

# 开机启动
[root@controller01 ~]# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-l3-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# 启动
[root@controller01 ~]# systemctl restart neutron-server.service
[root@controller01 ~]# systemctl restart neutron-linuxbridge-agent.service
[root@controller01 ~]# systemctl restart neutron-l3-agent.service
[root@controller01 ~]# systemctl restart neutron-dhcp-agent.service
[root@controller01 ~]# systemctl restart neutron-metadata-agent.service
13. 验证
[root@controller01 ~]# . admin-openrc
# 查看加载的扩展服务
[root@controller01 ~]# openstack extension list --network
# 查看agent服务
[root@controller01 ~]# openstack network agent list
14. 设置pcs资源
# 在任意控制节点操作;
# 添加资源neutron-server,neutron-linuxbridge-agent,neutron-l3-agent,neutron-dhcp-agent与neutron-metadata-agent
[root@controller01 ~]# pcs resource create neutron-server systemd:neutron-server --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-linuxbridge-agent systemd:neutron-linuxbridge-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
# 查看pcs资源
[root@controller01 ~]# pcs resource